Don

Any help with this problem would be greatly appreciated.

I've developed a simple MS Access application to help manage the
migration of users to a new system in a large enterprise (~50,000 user
objects). One of the ways I'm doing this is to run a VBA routine to
update an extensionAttribute in AD to indicate which migration batch
the user belongs to. When I run the code below, the search component
only works the way it's written below. But the part about updating
the user's extensionAttribute fails unless I logon to my machine with
the administrator's account. So why would the search action use the
administrator credentials but the update action use integrated
credentials? What should I change? I'm trying to code this so non-
administrators can use this application.

Thanks.

'This code will update extensionAttribute15 in Active Directory for
everyone that is a part of the batch

Hi,

I need to work out a way of introducing a maxpwdage policy in an AD domain
gradually. If I were to simply enable say a 90 day maxpwdage currently I
would get approximately 40,000 instantly expiring. I think this would cause
the helpdesk staff to also expire.

So, I am looking for a method that would enable me to introduce expiry to a
group of accounts at a time, whilst giving the users warning of the expiry
before it happens.

I have looked at setting the pwdlastset field to a variety of dates in the
past, but found that you can only set it to 0 or -1 (I wasn't surprised
about this). I also looked at setting the passwordexpirationdate but
discovered this is a calculated field based on pwdlastset and maxpwdage, so
this wouldn't work either.

Hi,

I am not sure if this is an appropriate group for this question, but does
anyone know how, or can suggest a good reference sight for doing SQL based
LDAP inserts eg I need to be able to add certain AD accounts to be members
of certain AD groups via SQL. I know you can do things like

@SQL=';(&(ObjectCategory=group)(memberOf=' +
ltrim(rtrim(@gpDN)) + '));distinguishedName;subtree'
SELECT * FROM OpenQuery(ADSI,''' + @SQL + ''')

but I can't find a good reference site to help me. I also realise that
memberof is a multivalued field so I don't know if this is going to make it
more complicated to achieve.

Thanks in advance
Janette

Hi,

I have web application which creates user on the same server where
application is running.

It works on my local but when i deploy, it says general errror

System.UnauthorizedAccessException: General access denied error
at System.DirectoryServices.Interop.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()

I have given admin rights to ASP.NET user and the one who connected to
the appliction also has Admin Rights to the system. What else i am
missing on the security level?

in my config.

Can some one help me..

Thanks in advance
Malar

Below is the code for creating an user

DirectoryEntry objAD;
DirectoryEntry objNewUser;
DirectoryEntry objGrp;
string strConn;

Hi,
I am working on a problem where my application creates 2008 cluster
resources via the clusapi. However recently I found a problem where the
Netname fails to come online with the following error"0x80071736" when trying
to add a file share resource through "NetShareAdd()". So, I did a little
testing and found that the network name was failing to start with an error
that the object already exists. Is there a way I can log the behavior of
clusapi to determine how clusapi is detecting the existing object, so I can
check for that object and block my application configuration until its
resolved?

Hope that all makes sense. ;) There isn't a cluster forum, and the SDK forum
didn't have anything specific to API's. So this group seemed like the next
best place. Forgive me if its in the wrong group :)

Nick

Hello all,

I'm having a problem with a query I've created to find users by first
name, last name, and/or the combination. This worked until I found a
user who has a space in their last name and the search doesn't find
them. Can anyone tell me why the following LDAP query won't find a
user with a space in their last name?

string firstName = "MyName";
string lastName = "Da Rosa";
"(&(objectClass=User)(objectCategory=person)(!userAccountControl:
1.2.840.113556.1.4.803:=2)(givenName=" + firstName + "*)(sn=" +
lastName + "*))"

Hi,

I need to distinguish if attribute is missing from AD Schema or has
null value
How to retrieve attribute when its value is null?
Why Properties.Contains("PropertyName") doesn't return attribute when
its value is not set?

I have checkbox that should be visible if attribute exist and not
visible if attribute is missing.

Thanks in advance for your help.

Hi,

I have just started this new position and am building a web based application to add users to the active directory. The code I am using to add an account is:

Dim dirEnt As DirectoryEntry = GetDirectoryEntry(Container, ownrName, pass)
Dim users As DirectoryEntries = dirEnt.Children
Dim newuser As DirectoryEntry = users.Add("CN=" & FirstName & " " & LastName, "user")

This works perfectly fine for me and the account gets added. However when I am doing a search for all users, the filter
ds.Filter = "(&(objectCategory=Person)(objectClass=user))"
doesn't return the newly added user. I have tried varying the filter but am unable to find the user, although if I query for just the user account I am able to find it. I believe that the objectCategory on the account is not being set to "Person" but have been able to find no information on how to alter these settings.

Any help would be deeply appreciated.

Geoff

Hi all,

I have a piece of code (see below) which is used to retrieve all user/groups
and their members. This works fine in many network environments, except in
this network where the code was used recently. Are there any conditions
which cause the members property to be empty? The code DOES work for
BUILT_IN groups like "Administrators" and "Guests", but when a custom domain
group is retrieved, the members property stays empty. (and this problem only
occurs in one particular network). Some information:

- The user is a Domain Admin
- There are custom domain groups which have other custom domain groups as a
member.
- All the domain groups are found in the first For Each loop.
- Only the members of the BUILT_IN groups are found in the seconde For Each
loop
- Normally this code works fine, so perhaps it's caused by the network
environment
- The IAdsUser.Groups property works fine in this network (used in an other
piece of code)